3

I'd like to restrict access to a certain set of pages by IP address (there are only 2 or 3 people allowed to access this area). Unfortunately, at least one of those is a dynamically allocated IP address from an ISP. One very long-winded option I've considered is a kind of custom dyndns-type setup where the client would register their IP change, which would then rewrite the apache config file and reload it. Given that we have a dyndns account set up, we can always get their current IP address from there and periodically update / reload the apache config file. But is there a more elegant way?

Here's the current line (with dummy ip):

RewriteCond %{REMOTE_ADDR} !^12\.23\.34\.45

and I've also tried:

RewriteCond %{REMOTE_HOST} !^name\.dtdns\.net

which was a long shot anyway - their IP address would never resolve back to that name, obviously. I don't have access to mod_perl on this server, so can't do anything there. Is there another way?

dsl101
  • 433
  • 1
  • 7
  • 13
  • 1
    Why don't you just use Apache Authentication ? It's easy to setup and the users can save the passwords in their browser for relatively easy access. – user9517 Feb 07 '14 at 11:53
  • Yes, we're using Basic Auth as well. I just wanted to restrict access even further, given that we know which IP addresses should even be able to try to log in. – dsl101 Feb 07 '14 at 17:39

1 Answers1

2

What you're using is IP-based authentication. Nothing wrong with that, I've used it, although always in combination with other authentication methods. But if the IP address is changing, I don't think there's any shortcut to updating the Apache config whenever the address changes, as you described.

An alternative is to use user/password authentication, or client certificate-based authentication with SSL.

Andrew Schulman
  • 8,561
  • 21
  • 31
  • 47
  • Thanks - we are using basic authentication as well. It's just an added layer of security to restrict access to even the login form. – dsl101 Feb 07 '14 at 17:39